VoIP and Data on different VLANs

Actually we have both services on the same native VLAN (1). A Cisco IP phone connected to a floor switch acts as a switch too for the PC directly connected to it.

We have implemented QoS, but we would like to migrate the voice traffic into a new, different VLAN.

My question is:

If data stays on the native VLAN and voice goes into a new one... no problem.

If we want to remove the native VLAN and create two new VLANs, each for a different service, is it a problem for the IP phone to manage two kinds of tagged traffic? One for itself and one for the PC (and, for sure, remove the tag).

Private addressing of phones on the voice or auxiliary VLAN ensures address conservation and ensures that phones are not accessible directly via public networks. PCs and servers are typically addressed with publicly routed subnet addresses; however, voice endpoints should be addressed using RFC 1918 private subnet addresses.

QoS trust boundary extension to voice devices

QoS trust boundaries can be extended to voice devices without extending these trust boundaries and, in turn, QoS features to PCs and other data devices.

Protection from malicious network attacks

VLAN access control, 802.1Q, and 802.1p tagging can provide protection for voice devices from malicious internal and external network attacks such as worms, denial of service (DoS) attacks, and attempts by data devices to gain access to priority queues via packet tagging.

Ease of management and configuration

Separate VLANs for voice and data devices at the access layer provide ease of management and simplified QoS configuration.

The Cisco Unified IP Phone has an internal Ethernet switch, enabling it to switch incoming traffic to the phone, to the access port, or to the network port.

If a computer is connected to the access port, the computer and the phone share the same physical link to the switch and share the same port on the switch. This shared physical link has the following implications for the VLAN configuration on the network:

Data traffic present on the VLAN supporting phones may reduce the quality of Voice-over-IP traffic.

You can resolve these issues by isolating the voice traffic onto a separate VLAN on each of the ports connected to a phone. The switch port configured for connecting a phone would have separate VLANs configured for carrying:

Voice traffic to and from the IP phone (auxiliary VLAN)

Data traffic to and from the PC connected to the switch through the access port of the IP phone (native VLAN)

Isolating the phones on a separate, auxiliary VLAN increases the quality of the voice traffic and allows a large number of phones to be added to an existing network where there are not enough IP addresses.

Cisco VLAN technology, built into Cisco routers, Cisco Catalyst switches, and Cisco Aironet wireless access points, separates the physical network into multiple logical networks - for example, one each for a company's HR, sales, marketing, engineering, and finance organizations. A basic technique for voice security is to create a separate VLAN for voice. One advantage is that traffic sent over the voice VLAN is not visible to insiders or outsiders connected to data VLANs, and data traffic cannot cross over to the voice VLAN. Another advantage is that IT can assign a unique class of service for the voice VLAN to ensure that voice traffic receives priority over data traffic.
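
An added example, not part of the thread or of Cisco's documentation: a Python check over a constructed IOS-style configuration that flags phone ports where voice and PC data are not on separate VLANs, or where PC data is still on VLAN 1 as in the question. It assumes the `switchport access vlan` / `switchport voice vlan` syntax and that a port with no access VLAN line defaults to VLAN 1; interface names and VLAN numbers are made up.

```python
import re
# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport voice vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 20
!
interface GigabitEthernet1/0/4
 switchport access vlan 10
!
"""

def parse_ports(config):
    """Return {interface: {"access": int, "voice": int or None}}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            # Assumption: no explicit access VLAN means default VLAN 1.
            current = ports.setdefault(m.group(1), {"access": 1, "voice": None})
            continue
        m = re.match(r"\s+switchport (access|voice) vlan (\d+)\s*$", line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return ports

def audit(config):
    """Flag phone ports whose voice and data VLANs are not separated."""
    findings = {}
    for name, p in parse_ports(config).items():
        if p["voice"] is None:
            continue  # no voice VLAN configured: not treated as a phone port
        if p["voice"] == p["access"]:
            findings[name] = "voice and data share VLAN %d" % p["access"]
        elif p["access"] == 1:
            findings[name] = "PC data still on default VLAN 1"
    return findings

if __name__ == "__main__":
    for port, issue in audit(SAMPLE_CONFIG).items():
        print(port, "->", issue)
```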